Employees’ Direct Deposit Rerouted After Phishing Attack

Duke officials are urging employees to be on alert for phishing email messages after four employees had their direct deposits for December rerouted to an unauthorized account following a phishing attack.

A fifth employee received a notification from a bank when the routing number was incorrectly entered by an unauthorized user, thus alerting the employee and preventing the transaction.

According to Duke's IT Security Office, the scam originated in November from a phishing message that appeared to be from "Duke IT Alert." It was sent to about 380 Duke users, instructed recipients to "confirm your login details," and directed them to a fake website that appeared similar to the standard NetID login page.

Richard Biever, Duke University's chief information security officer, said that phishing email messages that attempt to trick users into providing account information and passwords are increasingly common. "We typically receive one to five of these each week," he said.

"We want to remind everyone that Duke will never ask for your password or information about your account via email," Biever said. "While none of Duke's information security systems have been compromised through this incident, this situation is an important reminder that our end users are the front line for security."

Duke officials are working directly with the impacted individuals and external agencies to investigate the situation further.


With multi-factor authentication, a user logging in is required to enter both a password and a randomly generated code. The codes can be generated by a special device or token, or can be sent via a text message or a smartphone application.

Duke's Office of Information Technology requires that system, network and application administrators who have higher-level access to systems use multi-factor authentication.

The service currently is optional for other Duke users. Any Duke faculty, staff or student can set up multi-factor authentication for their NetID and can select which of about 1,100 Duke-managed applications or websites, including the Duke@Work self-service site, will use it. Register online.